Method and apparatus for preventing misoperation in an electric power system

ABSTRACT

One embodiment provides a computer system for preventing switching errors in a power system that includes a plurality of switching devices. The system includes a topology-extraction mechanism configured to extract topology information associated with the power system; a status database configured to store status information associated with the switching devices; a rule database configured to store user-definable operation rules associated with the switching devices; a receiving mechanism configured to receive a request for performing a switching operation on a device; a simulation mechanism configured to perform a simulation based on the extracted topology information, the status information, and a rule associated with the device; a determination mechanism configured to determine whether the switching operation is allowed based on an outcome of the simulation; and a display mechanism configured to display an output of the determination mechanism.

RELATED APPLICATION

This application claims the benefit of U.S. Provisional Application No.61/509,965, entitled “Method and System for Preventing Misoperation inan Electric Power System,” by inventors Shuqiang Jin, Lingzhi Pang,Liguo Wan, Jiandong Huang, and Hongping Jiang, filed 20 Jul. 2011.

BACKGROUND

1. Field

The present disclosure relates generally to management of an electricpower system. More specifically, the present disclosure relates to asystem used for preventing switching errors in an electric power system.

2. Related Art

In complex electric power plants or transmission substations, wherevarious types of equipment are operating at high voltages, switchingerrors can lead to disastrous outcomes, such as interruptions of power,damages to equipment, and loss of human life. A number of factors cancause switching errors, including equipment failure, faults of thecontrol system, human error, and inadequate interlocking devices.Statistics have shown that most switching errors are caused by humanerror, which can be prevented with proper interlocking design.

Common switching errors include energizing a grounded line, closing aground switch when energized, de-energizing or load dropping using adisconnector instead of a breaker, or entering an energized switchingbay. In order to prevent these switching errors, it is essential toensure that the correct switching sequence is followed by the switchingpersonnel. In addition, the switching personnel must be fully aware ofthe impact of each switching step and have the assurance that the nextstep is proven safe before the actual switching takes place. Thisrequires a simulation system that models the connectivity of asubstation and the interlocking logic among the switching operations.Before operating on a piece of equipment, a worker is required toperform a switching-sequence simulation, which verifies whether thesequence of operations complies with safety rules and regulations. If anoperation step violates a safety rule, the simulation system notifiesthe worker such operation cannot proceed.

Conventional switching-sequence simulation systems rely on humanprogrammers to generate and input logic expressions that describeoperation of the equipment, which can require a huge amount of work fora large-scale, complex power system, and thus is prone to unintendedomissions or typographical errors. In addition, operation of certaincomplex equipment (such as a bridge transformer) may involve complexlogic, making it difficult to summarize all possible operating modes.

SUMMARY

One embodiment of the present invention provides a computer system forpreventing switching errors in a power system that includes a pluralityof switching devices. The system includes a topology-extractionmechanism configured to extract topology information associated with thepower system; a status database configured to store status informationassociated with the switching devices; a rule database configured tostore user-definable operation rules associated with the switchingdevices; a receiving mechanism configured to receive, from a user, arequest for performing a switching operation on a device in the powersystem; a simulation mechanism configured to perform a simulation basedon the extracted topology information, the status information, and oneor more rules associated with the device; a determination mechanismconfigured to determine whether the switching operation is allowed basedon an outcome of the simulation; and a display mechanism configured todisplay an output of the determination mechanism. The display mechanismis further configured to display an error message to the user inresponse to the switching operation not being allowed.

In a variation on this embodiment, the system further includes atransmission mechanism and a handheld smart key. The transmissionmechanism is configured to transmit a switching order based on theoutcome of the simulation to the smart key, and the smart key isconfigured to: identify the device in the field; and in response to theswitching operation being allowed, unlock a lock associated with thedevice to allow the switching operation to be performed.

In a further variation, the smart key identifies the device by checkingan RFID associated with the device.

In a variation on this embodiment, the switching devices include atleast one electrically operated device and one manually operated device.

In a variation on this embodiment, the status database is configured toreceive status information from a supervisory control and dataacquisition (SCADA) system and/or a handheld smart key.

In a variation on this embodiment, the topology-extraction mechanism isfurther configured to construct a node table from a one-line diagramassociated with the power system.

In a variation on this embodiment, the simulation mechanism isconfigured to perform the simulation by performing a search thattraverses the power system topology based on the rule.

BRIEF DESCRIPTION OF THE FIGURES

The patent or application file contains at least one drawing executed incolor. Copies of this patent or patent application publication withcolor drawing(s) will be provided by the Office upon request and paymentof the necessary fee.

FIG. 1 presents a diagram illustrating the process of the “five-step”method, in accordance with an embodiment of the present invention.

FIG. 2 presents a diagram illustrating the architecture of asimulation-and-control system, in accordance with an embodiment of thepresent invention.

FIG. 3 presents a diagram illustrating the architecture of thesimulation module, in accordance with an embodiment of the presentinvention.

FIG. 4 presents a flow chart illustrating the operation process of theswitching-error prevention system, in accordance with an embodiment ofthe present invention.

FIG. 5 presents a portion of an exemplary one-line diagram.

FIG. 6 presents a diagram illustrating an exemplary user interface, inaccordance with an embodiment of the present invention.

FIG. 7 presents a diagram illustrating an exemplary computer system forperforming switching-order simulations, in accordance with an embodimentof the present invention.

DETAILED DESCRIPTION

The following description is presented to enable any person skilled inthe art to make and use the invention, and is provided in the context ofa particular application and its requirements. Various modifications tothe disclosed embodiments will be readily apparent to those skilled inthe art, and the general principles defined herein may be applied toother embodiments and applications without departing from the spirit andscope of the present invention. Thus, the present invention is notlimited to the embodiments shown, but is to be accorded the widest scopeconsistent with the principles and features disclosed herein.

Overview

Embodiments of the present invention provide a switching-sequencesimulation system. The switching-sequence simulation system includes asimulation engine, a topology analyzer, and a rule database. Thetopology analyzer analyzes the topology of a substation based on thesingle-line diagram of the substation and constructs a node table, whichincludes status information of each node and the connectivityinformation among all nodes. The rule database stores a set ofpredetermined operation rules. Users of the simulation system areallowed to view and edit the operation rules stored in the ruledatabase. In response to an operation request, the simulation enginecalculates a switching logic expression based on the topology node tableand the rule database. If the switching logic expression states that therequested operation is allowable, the switching-sequence simulationsystem notifies the user that the operation request is granted.Otherwise, the switching-sequence simulation system notifies the userthat the operation request is denied.

Smart-Interlock System

To prevent possible switching errors involved in a switching operation,in embodiments of the present invention, a transmission substation or aswitching/dispatching center implements a smart-interlock system (SIS),which combines the reliability of mechanical interlocking and theflexibility of electrical interlocking. The SIS includes a centralsimulation-and-control system, a smart key, and various types of locks;and uses a “five-step” method to ensure switching safety. The five stepsfor performing safe switching include: a simulation step, aswitching-order transmission step, a device ID verification step, anoperation-permission revalidation step, and a switching-completion step.FIG. 1 presents a diagram illustrating the process of the “five-step”method, in accordance with an embodiment of the present invention.

Before an actual switching takes place, a simulation is performed toensure that the proposed switching sequence is safe (operation 108).Note that this simulation can be performed by a simulation-and-controlsystem 102 located in the substation control room. Theswitching-sequence simulation outputs a switching order that specifieswhich equipment is to be operated on and the order of the operations.Subsequently, the switching order is transmitted to a smart key 104during the switching-order transmission step (operation 110). Smart key104 is a handheld device that is capable of communicating, using variouswireless communication protocols (such as ZigBee or CDMA), with thesimulation-and-control system. In addition, smart key 104 is capable ofinteracting and unlocking various locks, such as a lock 106, associatedwith the switching equipment. Note that the locks are attached to theequipment, and operations on the equipment require unlocking these locksusing smart key 104. Smart key 104 can be carried by a person designatedto perform the switching operation in the field, where the equipment islocated. During the device-ID verification step, the field person usessmart key 104 to verify that the equipment to be operated on is theidentified equipment by checking an identifier associated with theequipment (operation 112). For example, a lock (such as a padlock)attached to the equipment can be embedded with an RFID, and an RFIDdetector included in the smart key can read this RFID in order to verifythe identity of the equipment. Once the ID of the equipment to beoperated on has been verified, the field person can optionallyrevalidate the operation by sending the operation request for thecurrent equipment back to simulation-and-control system 102 via smartkey 104 (operation 114) and receiving a validation result fromsimulation-and-control system 102 (operation 116). Note that thisrevalidation process (operations 114 and 116) is optional. Subsequent toreceiving the revalidation result, the field person uses smart key 104to unlock lock 106 (either an electronic lock or a mechanical lock) andperforms the actual switching (operation 118). For example, the fieldperson may need to unlock a padlock in order to move the swing handle ofa disconnect switch; or he may need to unlock a lock on the door of acabinet in order to operate on equipment inside the cabinet. Note thatthe operation can be a manual operation that requires the field personto physically move a switch handle or an automated, electricallyoperated operation. After completion of the switching operation, smartkey 104 updates the status of the equipment by transmitting its currentstatus back to simulation-and-control system 102 (operation 120).

Simulation-and-Control System

The simulation-and-control system is an essential part of the SIS. Ituses the one-line diagram of a substation to obtain the circuitrytopology; collects current equipment status; collects and modelsswitching interlock logic and rules; and simulates the switchingsequence based on the circuitry topology, current equipment status, andswitching interlock logic and rules. FIG. 2 presents a diagramillustrating the architecture of a simulation-and-control system, inaccordance with an embodiment of the present invention.Simulation-and-control system 200 includes a simulation module 202, astate machine 204, a user interface 206, and a control module 208.

During operation, state machine 204 receives the current status of theequipment in a substation from a supervisory control and dataacquisition (SCADA) system, which performs the remote operationsurveillance for the SIS, and sends the equipment status information tosimulation module 202. Simulation module 202 performs switching sequencesimulation using current equipment status, topology informationextracted from the substation one-line diagram, and the switchinginterlock logic and rules. The detailed structure of simulation module202 is shown in FIG. 3. Based on the simulation result, simulationmodule 202 generates a switching order. User interface 206 displayspossible error information and system warnings, and communicates withthe smart key. In addition, control module 208 issues control commandsto the SCADA system to realize the remote control operations.

Simulation-and-control system 200 can reside on any type of computersystem based on microprocessors, such as a standalone mainframe computeror a cluster of computer servers.

FIG. 3 presents a diagram illustrating the architecture of thesimulation module, in accordance with an embodiment of the presentinvention. Simulation module 300 includes an equipment analyzer 302, astatus database 304, a topology analyzer 306, a rule database 308, and asimulation engine 310.

Equipment analyzer 302 analyzes the structural components of each pieceof equipment associated with the switching operation, and decomposes apiece of complex equipment into a number of basic components, such ascircuit breakers, disconnects, and ground disconnects, that fulfill theelectrical functionality of the complex equipment. For example, athree-position knife switch is decomposed to two basic components: aknife switch and a ground knife switch. The three switching positionscorrespond to different switching positions of the knife switch and theground knife switch. Note that after a piece of complex equipment isdecomposed into multiple basic components, connections to other externalequipment are mapped onto corresponding ends on the basic components.The output of equipment analyzer 302, including the status of the basiccomponents and their connection information, is stored in statusdatabase 304. Note that the status information of the components can beupdated by the smart key. In one embodiment, after each operation, thesmart key updates the status of the equipment being operated on. Such anarrangement makes it possible for the system to maintain real-timestatus information of all equipment, including manually operatedequipment in the field, such as a manual switch or a locked door for aswitching bay.

Topology analyzer 306 analyzes the topology of a substation based on theone-line diagram and the decomposition outcome of each piece of complexequipment. In one embodiment, topology analyzer 306 constructs a nodetable, which includes the status of the nodes and connection informationamong the nodes. Note that each node in the node table corresponds to atopology node extracted from the one-line diagram of the substation. Inone embodiment, a topology node corresponds to a crossing point on theone-line diagram, which can include one or more equipment endpoints.Note that a single topology node may be associated with multipleendpoints, whereas a particular endpoint can only be associated with asingle topology node.

Rule database 308 stores switching interlock logic and rules, which canbe either programmed ahead of time by the manufacturer of the SIS ordefined by the user of the SIS. For example, to prevent operations on aloaded knife switch, rule database 308 stores a rule stating that nooperation (either opening or closing) is allowed on a knife switch whenthe knife switch is coupled to a closed circuit breaker. Note that theserules generally describe allowed or disallowed operations of basiccomponents, regardless of their relative locations in the systemtopology. The independent relationship between rule database 308 and thesystem topology provides scalability for the SIS. When the substationscales up, such as with the addition of new equipment, instead ofreprogramming the entire simulation software, one only needs to inputthe updated one-line diagram into topology analyzer 306. Moreover, whensafety rules and regulations are changed, only rule database 308 needsto be updated. Such updating can be made by users of the SIS. In oneembodiment, the switching interlock logic and rules are stored in atable, and the user is allowed to add, delete, or make changes to thetable entries. In a further embodiment, an entry in rule database 308includes three components: equipment type, operation type, andexpression of the rule specific to the equipment and the operation. Theequipment type component specifies the type of equipment (such asbreakers, knife switches, and ground wires) that this rule is appliedto; the operation type specifies which operation (such as opening orclosing) that this rule is applied to; and expression of the rule is alogic expression describing the error-prevention rule. Such a logicexpression is specific to the type of equipment and the type ofoperation, and remains unrelated to any specific piece of equipmentwithin the system. In the aforementioned example, a corresponding entryfor closing a knife switch in rule database 308 can be expressed as:KNIFE SWITCH, CLOSING: KNIFE SWITCH UNLOADED. Such a rule is applied toall knife switches in the system, including a knife switch that wasincluded in and decomposed from a piece of complex equipment.

Once the system receives an operation request on a piece of equipment,simulation engine 310 performs a simulation to determine whether therequested operation is allowed based on the topology node tableconstructed by topology analyzer 306, equipment status informationextracted from status database 304, and operation rules extracted fromrule database 308.

FIG. 4 presents a flow chart illustrating the operation process of theswitching-error prevention system, in accordance with an embodiment ofthe present invention. Prior to receiving a request to perform aswitching operation, the system goes through an initialization process,which includes receiving the one-line diagram of a power plant or asubstation (operation 402), extracting topology information from theone-line diagram (operation 404), and constructing a topology node table(operation 406). Note that this initialization process can be performedwhen the power system is brought online, or when the power systemexperiences equipment update. The system waits for a request for anoperation on a particular piece of equipment, such as a request forclosing a knife switch (operation 408). Upon receiving such a request,the system extracts a rule associated with the equipment and theoperation from the rule database (operation 410). Based on the rule, thesystem derives a number of operating conditions complying with the rule(operation 412). For example, a rule associated with closing a knifeswitch states that such an operation requires that the knife switch beunloaded, and the operating conditions that satisfy this rule include:all circuit breakers coupled to the knife switch being open, and atleast one side of the knife switch being unloaded.

Based on the derived operating conditions, the system extracts apredefined search associated with that rule. Such a search starts fromone or more endpoints of the equipment and traverses the electricalconnectivity topology (operation 414). The targets and boundary of thesearch are defined by the operating conditions. For example, todetermine whether the condition of all coupled circuit breakers beingopen is met, the system first defines a search boundary, which includescircuit breakers and open knife switches. In other words, a searchoriginating from a node and traversing the topology will come to a stoponce a circuit breaker or a knife switch is met. The search target is aclosed circuit breaker. Note that if the search returns a closed circuitbreaker, it indicate a violation of the operation condition. Similarly,to determine whether the condition of at least one end of the knifeswitch being unloaded is met, the system first defines a searchboundary, which includes open circuit breakers and open knife switch.The search targets include loaded devices or a power supplies. Thesystem then obtains the current status of the equipment within thetopology (operation 416). In one embodiment, the system interfaces withan EMS (Energy Management System)/SCADA system to obtain the currentoperational status (such as positions of a switch) of the equipment. Ina further embodiment, the current status of the equipment can beobtained by the smart key.

Subsequently, the system performs the search that traverses the topology(operation 418). The search starts from one or more endpoints of theequipment. In the example of the knife switch, the search starts fromboth ends of the knife switch. The search traverses the electricalconnectivity topology, and collects equipment associated with theoperating conditions. For example, using the operating condition thatall circuit breakers coupled to the knife switch are open, the systemdefines a search boundary that includes open circuit breakers and openknife switches, and the search targets include loaded devices and powersupplies. Based on the search result and the current equipment status,the system determines whether the operating conditions are met(operation 420). If the operating conditions are met, the systemindicates to the user that the operation is allowed (operation 422).Otherwise, the system displays error information to the user (operation424). In one embodiment, the error information includes the searchresult indicating the violated operating condition. In the example ofthe knife switch, the search may find a coupled circuit breaker having acurrent status of being closed, and indicate to the user that operationson the knife switch are prohibited due to the status of that particularcircuit breaker. Note that such information can be used by the user tocorrect the situation. In the above example, the error informationindicates that operations on the knife switch are prohibited because acoupled circuit breaker is closed. The user can then attempt to open thecircuit breaker first in order to operate on the knife switch. In afurther embodiment, if the violated operating condition is not acritical condition (such as a one that does not violate a safety rule),the error message may include an option that allows the user to overridethe decision made by the system. Based on the user's input, the systemmay indicate that such an operation is allowed or not.

An Operation Example

FIG. 5 presents a portion of an exemplary one-line diagram. One-linediagram 500 includes a breaker 502, two knife switches 504 and 506, andtwo ground switches 508 and 510. During initialization, theswitching-error prevention system extracts connectivity topologyinformation from one-line diagram 500 and constructs a node table. Thenode table includes a number of topology nodes (such as nodes 512 and514) and connectivity information associated with the switching devices.For example, one endpoint of ground switch 510 is coupled to an endpointof knife switch 506 and an endpoint of breaker 502 at node 514.

Upon receiving an operation request to close ground switch 510, thesystem extracts a rule stating that before the closing operation cantake place on a ground switch, the ground switch needs to be isolatedfrom other equipment. Based on the rule, the system determines that thecorresponding operating condition is that all knife switches coupled toground switch 510 remain open. Based on the operating condition, thesystem defines a search for a closed knife switch coupled to groundswitch 510. This search starts from the ungrounded end of ground switch510, and traverses the entire topology The search boundary includesknife switches and the search targets include closed knife switches. Anempty search result indicates that ground switch 510 is isolated fromother equipment. Consequently, the system determines that the operatingcondition is met, and the operation of closing ground switch 510 isallowed. Note that if a knife switch coupled to ground switch 510, suchas knife switch 506, is closed, the system will determine that therequested closing operation of ground switch 510 is prohibited, anddisplay an error message to the user. The message can notify the userthat the requested operation is prohibited because knife switch 506 isclosed.

User Interface

FIG. 6 presents a diagram illustrating an exemplary user interface, inaccordance with an embodiment of the present invention. In oneembodiment, the switching-error prevention system includes a graphicuser interface (GUI) that enables a user to interact with theswitching-error prevention system.

The GUI can be presented to the user on various types of displaymechanisms, such as a standard computer display or a touch-screendisplay. In FIG. 6, GUI 600 displays the one-line diagram of asubstation. In one embodiment, the displayed one-line diagram alsodisplays the current status of the equipment, such as a switch beingopen or close. A user can request an operation on a piece of switchingequipment by pointing and clicking an icon on the diagram correspondingto the equipment. The simulation result in response to the operationrequest is presented to the user via GUI 600.

In one embodiment of the present invention, GUI 600 can switch the viewfrom the one-line diagram shown in FIG. 6 to a view that displays atable associated with the rule database. The table view of the ruledatabase enables the user to make changes to the rule database byadding, deleting, and modifying entries in the table.

Computer System

FIG. 7 presents a diagram illustrating an exemplary computer system forperforming switching-order simulations, in accordance with an embodimentof the present invention. In one embodiment, a computer andcommunication system 700 includes a processor 702, a memory 704, and astorage device 706. Storage device 706 stores a switching-ordersimulation application 708, as well as other applications, such asapplications 710 and 712. During operation, switching-order simulationapplication 708 is loaded from storage device 706 into memory 704 andthen executed by processor 702. While executing the program, processor702 performs the aforementioned functions. Computer and communicationsystem 700 is coupled to an optional display 714, keyboard 716, andpointing device 718. The display, keyboard, and pointing device canfacilitate switching-order simulation.

The foregoing descriptions of embodiments of the present invention havebeen presented only for purposes of illustration and description. Theyare not intended to be exhaustive or to limit this disclosure.Accordingly, many modifications and variations will be apparent topractitioners skilled in the art. The scope of the present invention isdefined by the appended claims.

What is claimed is:
 1. A method for preventing switching errors in apower system that includes a plurality of switching devices, comprising:extracting, by a computer, topology information associated with thepower system; obtaining current status information associated with theswitching devices; receiving, from a user, a request for performing aswitching operation on a device in the power system; in response toreceiving the request, extracting a basic operation rule associated withthe device and the switching operation from a rule database that storesuser-definable operation rules, wherein the extracted basic operationrule is independent of a location of the device in the extractedtopology, wherein the extracted basic operation rule specifies a type ofthe device, a type of the switching operation, and a logic expressionspecific to the type of the device and the type of the switchingoperation, and wherein the logic expression of the extracted basicoperation rule is independent of the extracted topology; performing asimulation based on the extracted topology, the obtained current status,and the extracted basic operation rule that is independent of thelocation of the device; determining whether the extracted basicoperation rule is violated based on the simulation outcome; and inresponse to determining that the extracted basic operation rule isviolated, displaying an error message to the user to prevent the userfrom performing the switching operation.
 2. The method of claim 1,further comprising: transmitting the outcome of the simulation to ahandheld smart key, which is configured to: identify the device infield; and in response to the outcome of the simulation not indicatingthat the extracted basic operation rule associated with the device andthe switching operation is violated, unlock a lock associated with thedevice to allow the switching operation to be performed.
 3. The methodof claim 2, wherein identifying the device involves checking a radiofrequency identification (RFID) associated with the device.
 4. Themethod of claim 1, wherein the switching devices include at least oneelectrically operated device and one manually operated device.
 5. Themethod of claim 1, wherein obtaining the status information associatedwith the switching devices involves use of a supervisory control anddata acquisition (SCADA) system or a handheld smart key.
 6. The methodof claim 1, wherein extracting the topology information involvesconstructing a node table from a one-line diagram associated with thepower system.
 7. The method of claim 1, further comprising: decomposinga complex device into a plurality of basic components; and obtainingstatus information associated with each basic component.
 8. Anon-transitory computer-readable storage medium storing instructionsthat when executed by a computer cause the computer to perform a methodfor preventing switching errors in a power system that includes aplurality of switching devices, wherein the method comprises: extractingtopology information associated with the power system; obtaining currentstatus information associated with the switching devices; receiving,from a user, a request for performing a switching operation on a devicein the power system; in response to receiving the request, extracting abasic operation rule associated with the device and the switchingoperation from a rule database that stores user-definable operationrules, wherein the extracted basic operation rule is independent of alocation of the device in the extracted topology, wherein the extractedbasic operation rule specifies a type of the device, a type of theswitching operation, and a logic expression specific to the type of thedevice and the type of the switching operation, and wherein the logicexpression of the extracted basic operation rule is independent of theextracted topology; performing a simulation based on the extractedtopology, the obtained current status, and the extracted basic operationrule that is independent of the location of the device; determiningwhether the extracted basic operation rule is violated based on thesimulation outcome; and in response to determining that the extractedbasic operation rule is violated, displaying an error message to theuser to prevent the user from performing the switching operation.
 9. Thecomputer-readable storage medium of claim 8, wherein the method furthercomprises: transmitting the outcome of the simulation to a handheldsmart key, which is configured to: identify the device in field; and inresponse to the outcome of the simulation not indicating that theextracted basic operation rule associated with the device and theswitching operation is violated, unlock a lock associated with thedevice to allow the switching operation to be performed.
 10. Thecomputer-readable storage medium of claim 9, wherein identifying thedevice involves checking a radio frequency identification (RFID)associated with the device.
 11. The computer-readable storage medium ofclaim 8, wherein the switching devices include at least one electricallyoperated device and one manually operated device.
 12. Thecomputer-readable storage medium of claim 8, wherein obtaining thestatus information associated with the switching devices involves use ofa supervisory control and data acquisition (SCADA) system or a handheldsmart key.
 13. The computer-readable storage medium of claim 8, whereinextracting the topology information involves constructing a node tablefrom a one-line diagram associated with the power system.
 14. A computersystem for preventing switching errors in a power system that includes aplurality of switching devices, comprising: a processor; atopology-extraction mechanism configured to extract topology informationassociated with the power system; a status database configured to storestatus information associated with the switching devices; a ruledatabase configured to store user-definable operation rules associatedwith the switching devices; a receiving mechanism configured to receive,from a user, a request for performing a switching operation on a devicein the power system; a rule-extracting mechanism configured to extract,in response to the receiving mechanism receiving the request, a basicoperation rule associated with the device and the switching operationform the rule database, wherein the extracted basic operation rule isindependent of a location of the device in the extracted topology,wherein the extracted basic operation rule specifies a type of thedevice, a type of the switching operation, and a logic expressionspecific to the type of the device and the type of the switchingoperation, and wherein the logic expression of the extracted basicoperation rule is independent of the extracted topology; a simulationmechanism configured to perform a simulation based on the extractedtopology, obtained current status, and the extracted basic operationrule that is independent of the location of the device; a determinationmechanism configured to determine whether the basic operation rule isviolated based on the simulation outcome; a display mechanism configuredto display, in response to the determination mechanism determining thatthe basic operation rule is violated, an error message to the user toprevent the user from performing the switching operation.
 15. Thecomputer system of claim 14, further comprising a transmission mechanismand a handheld smart key, wherein the transmission mechanism isconfigured to transmit the outcome of the simulation to the smart key,and wherein the smart key is configured to: identify the device infield; and in response to the outcome of the simulation not indicatingthat the extracted basic operation rule associated with the device andthe switching operation is violated, unlock a lock associated with thedevice to allow the switching operation to be performed.
 16. Thecomputer system of claim 15, wherein the smart key identifies the deviceby checking a radio frequency identification (RFID) associated with thedevice.
 17. The computer system of claim 14, wherein the switchingdevices include at least one electrically operated device and onemanually operated device.
 18. The computer system of claim 14, whereinthe status database is configured to receive status information from asupervisory control and data acquisition (SCADA) system or a handheldsmart key.
 19. The computer system of claim 14, wherein thetopology-extraction mechanism is further configured to construct a nodetable from a one-line diagram associated with the power system.